Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 507
Alerts This Week
Warning Icon 1 507

Fedora 41: BIND Critical DNSSEC Spoofing Fix CVE-2025-8677

fedora
Calendar Grey October 30, 2025
Scroller Fedora
This advisory covers important security fixes for BIND in Fedora 41, addressing weaknesses and threats.
Update to 9.18.41 (rhbz#2405786) Security fixes: DNSSEC validation fails if matching but invalid DNSKEY is found

Summary

BIND (Berkeley Internet Name Domain) is an implementation of the DNS

(Domain Name System) protocols. BIND includes a DNS server (named),

which resolves host names to IP addresses; a resolver library

(routines for applications to use when interfacing with DNS); and

tools for verifying that the DNS server is operating properly.

Update Information:

Update to 9.18.41 (rhbz#2405786) Security fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing attacks. (CVE-2025-40778) Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780) New Features: Support for parsing HHIT and BRID records has been added. Removed Features: Deprecate the "tkey-domain" statement. Deprecate the "tkey-gssapi-credential" statement. Bug Fixes: Prevent spurious SERVFAILs for certain 0-TTL resource records. Missing DNSSEC information when CD bit is set in query. https://downloads.isc.org/isc/bind9/9.18.41/doc/arm/html/notes.html#notes-for- bind-9-18-41

Change Log

* Fri Oct 24 2025 Petr Men\u0161k - 32:9.18.41-1 - Update to 9.18.41 (rhbz#2405786, CVE-2025-8677 CVE-2025-40778 CVE-2025-40780)

References


[ 1 ] Bug #2405786 - bind-9.18.41 is available https://bugzilla.redhat.com/show_bug.cgi?id=2405786 [ 2 ] Bug #2405831 - CVE-2025-8677 CVE-2025-40778 CVE-2025-40780 bind: various flaws [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2405831

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-10c407da27' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: bind
Product: Fedora 41
Version: 9.18.41
Release: 1.fc41
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.